我遇到了一个非常棘手的难题,Windows 7 上的蓝屏问题。几周前,一台计算机在计算智能卡时开始出现蓝屏。这是一台带智能卡的 POS 机,对于每张开具的收据,它都必须计算智能卡中的哈希值。
于是我开始寻找驱动程序/硬件错误,我更新了一些驱动程序(即使旧驱动程序多年来一直没有错误)......但没有成功。因此我更换了智能卡和智能卡读卡器,但仍然不起作用。我还尝试将所有 POS 系统切换到另一台计算机,但每进行 10-20 次哈希计算,蓝屏就会再次出现。
我尝试分析转储文件,似乎故障组件是 ntoskrnl.exe,而且这似乎不是驱动程序连接错误。
这是转储文件: https://drive.google.com/file/d/0B68Lon7XGG2tdzcxLXUwSXJibms/view?usp=sharing
这是转储详细信息:
KMODE_EXCEPTION_NOT_HANDLED 0x0000001e ffffffff`c0000005 00000000`00000000 00000000`00000008 00000000`00000000 ntoskrnl.exe ntoskrnl.exe+70380
以及转储分析数据:
Crash Dump Analysis provided by OSR Open Systems Resources, Inc. (http://www.osr.com)
Online Crash Dump Analysis Service
See http://www.osronline.com for more information
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.23392.amd64fre.win7sp1_ldr.160317-0600
Machine Name:
Kernel base = 0xfffff800`02e4f000 PsLoadedModuleList = 0xfffff800`03091730
Debug session time: Sat May 7 14:48:33.499 2016 (UTC - 4:00)
System Uptime: 0 days 0:24:58.841
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: 0000000000000000, The address that the exception occurred at
Arg3: 0000000000000008, Parameter 0 of the exception
Arg4: 0000000000000000, Parameter 1 of the exception
Debugging Details:
------------------
TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
+0
00000000`00000000 ?? ???
EXCEPTION_PARAMETER1: 0000000000000008
EXCEPTION_PARAMETER2: 0000000000000000
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800030fb100
GetUlongFromAddress: unable to read from fffff800030fb1c8
0000000000000000 Nonpaged pool
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
BUGCHECK_STR: 0x1e_c0000005
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 1
TRAP_FRAME: fffff8800701b7f0 -- (.trap 0xfffff8800701b7f0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa800737ee70 rbx=0000000000000000 rcx=fffffa8008f13a20
rdx=fffffa800737ee70 rsi=0000000000000000 rdi=0000000000000000
rip=0000000000000000 rsp=fffff8800701b980 rbp=0000000000000000
r8=fffffa800398b010 r9=fffff8000303de80 r10=fffffa80036fb570
r11=fffffa8004a55c10 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
00000000`00000000 ?? ???
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002f3f512 to fffff80002ebf380
STACK_TEXT:
fffff880`0701af68 fffff800`02f3f512 : 00000000`0000001e ffffffff`c0000005 00000000`00000000 00000000`00000008 : nt!KeBugCheckEx
fffff880`0701af70 fffff800`02ebea02 : fffff880`0701b748 fffffa80`c0000120 fffff880`0701b7f0 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x40e2d
fffff880`0701b610 fffff800`02ebd57a : 00000000`00000008 00000000`00000000 00000000`00000200 fffffa80`c0000120 : nt!KiExceptionDispatch+0xc2
fffff880`0701b7f0 00000000`00000000 : 00000000`00000000 00000000`00000000 fffff880`0507cf00 fffffa80`08239bb8 : nt!KiPageFault+0x23a
STACK_COMMAND: kb
FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+40e2d
fffff800`02f3f512 cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+40e2d
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 56eb24e6
FAILURE_BUCKET_ID: X64_0x1e_c0000005_nt!_??_::FNODOBFM::_string_+40e2d
BUCKET_ID: X64_0x1e_c0000005_nt!_??_::FNODOBFM::_string_+40e2d
Followup: MachineOwner
---------
BSOD 总是发生在同一操作中:智能卡哈希计算,但它不是系统性的,因为它可以在崩溃之前进行许多计算,有时它可以连续工作几天而没有错误。
我尝试读取该机器在第一次崩溃前几天进行的最新 Windows 更新:KB2952664、KB3137061、KB3138901、KB3142042、KB3145739、KB3146706、KB3146963、KB3147071、KB3148198、KB3148851、KB3149090,但似乎没有任何内容与智能卡相关,我也尝试过卸载它们,但没有成功。
几天后,另一台 POS 计算机也开始出现同样的问题和错误。那是一个使用另一台计算机硬件的系统,但使用相同的智能卡、智能卡读卡器和热敏收据打印机。我强调这些系统运行良好,而且我能想到的唯一最近变化是 Windows 更新。
最后我解决了从 Windows 7 升级到 Windows 10 的问题,但这不是一个真正的解决方案!
你能告诉我如何读取转储详细信息吗?是否有我没有考虑到的信息?
答案1
看起来您的问题很可能出在 iusb3xhc.sys(USB 3 主机控制器的驱动程序)上。
调试器的内置分析工具命令!analyze -v
得出了这一结论。要使用它,您必须安装“Windows 调试工具”包并配置符号文件路径。然后在 WinDbg 中打开转储文件并在命令提示符下输入 !analyze -v。
要手动执行此操作,请打开转储文件,然后使用 kv 命令:
0: kd> kv
Child-SP RetAddr : Args to Child : Call Site
fffff880`0701af68 fffff800`02f3f512 : 00000000`0000001e ffffffff`c0000005 00000000`00000000 00000000`00000008 : nt!KeBugCheckEx
fffff880`0701af70 fffff800`02ebea02 : fffff880`0701b748 fffffa80`c0000120 fffff880`0701b7f0 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x40e2d
fffff880`0701b610 fffff800`02ebd57a : 00000000`00000008 00000000`00000000 00000000`00000200 fffffa80`c0000120 : nt!KiExceptionDispatch+0xc2
fffff880`0701b7f0 00000000`00000000 : 00000000`00000000 00000000`00000000 fffff880`0507cf00 fffffa80`08239bb8 : nt!KiPageFault+0x23a (TrapFrame @ fffff880`0701b7f0)
这显示了一个非常短的堆栈。但在最后一行的右边缘,我们看到了来自 KiPageFault 的调用(表示正在处理内存访问错误),并带有“陷阱帧”指示。陷阱帧记录了页面错误异常时处理器的状态。调试器的.trap
命令让我们将调试器的状态(无论如何是其中的一部分)设置为陷阱帧中记录的状态:
0: kd> .trap fffff880`0701b7f0
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed.
rax=fffffa800737ee70 rbx=0000000000000000 rcx=fffffa8008f13a20
rdx=fffffa800737ee70 rsi=0000000000000001 rdi=0000000000000000
rip=0000000000000000 rsp=fffff8800701b980 rbp=0000000000000000
r8=fffffa800398b010 r9=fffff8000303de80 r10=fffffa80036fb570
r11=fffffa8004a55c10 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
00000000`00000000 ?? ???
现在我们kv
再次尝试该命令:
0: kd> kv
*** Stack trace for last set context - .thread/.cxr resets it
Child-SP RetAddr : Args to Child : Call Site
fffff880`0701b980 00000000`00000000 : 00000000`00000000 fffff880`0507cf00 fffffa80`08239bb8 fffff880`0701ba18 : 0x0
fffff880`0701b988 00000000`00000000 : fffff880`0507cf00 fffffa80`08239bb8 fffff880`0701ba18 fffff880`0507cf60 : 0x0
fffff880`0701b990 fffff880`0507cf00 : fffffa80`08239bb8 fffff880`0701ba18 fffff880`0507cf60 fffffa80`08f13a50 : 0x0
fffff880`0701b998 fffffa80`08239bb8 : fffff880`0701ba18 fffff880`0507cf60 fffffa80`08f13a50 00000000`00000000 : iusb3xhc+0x7cf00
fffff880`0701b9a0 fffff880`0701ba18 : fffff880`0507cf60 fffffa80`08f13a50 00000000`00000000 00000000`0000004f : 0xfffffa80`08239bb8
fffff880`0701b9a8 fffff880`0507cf60 : fffffa80`08f13a50 00000000`00000000 00000000`0000004f fffff880`009f1380 : 0xfffff880`0701ba18
fffff880`0701b9b0 fffffa80`08f13a50 : 00000000`00000000 00000000`0000004f fffff880`009f1380 00000000`00000000 : iusb3xhc+0x7cf60
fffff880`0701b9b8 00000000`00000000 : 00000000`0000004f fffff880`009f1380 00000000`00000000 00000000`00000100 : 0xfffffa80`08f13a50
fffff880`0701b9c0 00000000`0000004f : fffff880`009f1380 00000000`00000000 00000000`00000100 00000000`00000000 : 0x0
fffff880`0701b9c8 fffff880`009f1380 : 00000000`00000000 00000000`00000100 00000000`00000000 00000000`00000001 : 0x4f
fffff880`0701b9d0 00000000`00000000 : 00000000`00000100 00000000`00000000 00000000`00000001 fffff880`009f1f60 : 0xfffff880`009f1380
fffff880`0701b9d8 00000000`00000100 : 00000000`00000000 00000000`00000001 fffff880`009f1f60 fffff800`02eb4fbd : 0x0
fffff880`0701b9e0 00000000`00000000 : 00000000`00000001 fffff880`009f1f60 fffff800`02eb4fbd fffffa80`04807810 : 0x100
fffff880`0701b9e8 00000000`00000001 : fffff880`009f1f60 fffff800`02eb4fbd fffffa80`04807810 00000000`00000000 : 0x0
fffff880`0701b9f0 fffff880`009f1f60 : fffff800`02eb4fbd fffffa80`04807810 00000000`00000000 00000000`00000000 : 0x1
fffff880`0701b9f8 fffff800`02eb4fbd : fffffa80`04807810 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffff880`009f1f60
fffff880`0701ba00 fffff800`02ec48c2 : 00000000`00000001 00000000`00000000 00000000`0000004f fffffa80`036c66d0 : nt!KiCommitThreadWait+0x3dd
fffff880`0701ba90 fffff800`0319365f : fffffa80`04807b40 fffffa80`04807b40 00000000`00000000 fffffa80`0000004f : nt!KeDelayExecutionThread+0x186
fffff880`0701bb00 fffff800`03193fed : 00000000`00000000 ffffffff`fffe7960 00000000`00000000 00000000`00000000 : nt!IoCancelThreadIo+0x6f
fffff880`0701bb30 fffff800`03194651 : 00000000`00000000 fffff800`03158400 fffffa80`075e6100 00000000`00000000 : nt!PspExitThread+0x58d
该堆栈已损坏(请注意,调用站点地址处全为 0),但很明显,iusb3xhc.sys 驱动程序的调用正在进行中。
建议的解决方案:我很确定该驱动程序是由英特尔编写的。请访问英特尔网站,查看是否有比 Microsoft 提供的版本更新的版本。如果没有,或者没有帮助,请尝试较早的版本。最后的办法:禁用 USB 3 主控制器并使用 USB 2 速度,直到出现更好的驱动程序。